Renewal of certificate failing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command: sudo certbot --apache -v

It produced this output:
Renewing an existing certificate for

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Invalid response from []: "\n\n404 Not Found\n\n

Not Found


Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.22.0

Hi @M4CC4 and welcome to the LE community forum :slight_smile:

It seems that certbot is unable to locate the proper document root for your domain.
A likely cause of Apache being all too eager to run at all cost.

Let's see if we can unravel this mess.
Starting with the output of:
apachectl -t -D DUMP_VHOSTS

Also, since you mention "Renewal" in the post title...
Please show the output of:
certbot certificates

1 Like

Have you tried?:
certbot renew

Please show this file:

1 Like

This is ignored: [as yet unexplained]

[as the vhost config lacks a "server_name" definition]

And thus certbot fails to find a vhost that covers that name.
You can either:

  • fix the problem by assigning a the proper server_name(s) within the vhost.
  • ignore the problem and use --webroot -w /var/www/html [instead of --apache]

There was that on the last line of the version of their post I see now.

But, good point about the rewrite. Shouldn't it be HTTP_HOST? Isn't there a bug with Apache not resolving SERVER_NAME right?

Or, don't use condition at all and always redirect to the intended VHost. Of course, I am assuming only ever this one domain name in this Apache.


I can't explain why it fails to redirect:

curl -Ii
HTTP/1.1 200 OK
Date: Fri, 07 Jan 2022 04:02:12 GMT
Server: Apache
Last-Modified: Thu, 06 Jan 2022 21:17:36 GMT
Accept-Ranges: bytes
Content-Length: 4748
Vary: Accept-Encoding
Content-Type: text/html

Yeah, that's a much simpler fix.


Also interested in seeing what's in:


I am just guessing now but maybe because the VHost is an IP based form (not named-based), the SERVER_NAME value is not what we think?

Even though the VHost has the name it is just a symbolic for the IP in this case. That's why we saw this earlier:

sudo apachectl -t -D DUMP_VHOSTS
VirtualHost configuration: (/etc/apache2/sites-enabled/000-default.conf:1)
*:443 (/etc/apache2/sites-enabled/000-default-le-ssl.conf:3)

Note the IP address preceding :80

I repeat, I am just guessing - it is odd for sure.

To test idea, my first step would be remove condition to ensure any redirect works. Then add it back as condition with HTTP_HOST and see if that worked. Try SERVER_NAME after that and see when it breaks.

Also, could try just setting the VHost as *:80 - that might fix it up right away


Hi Everyone,
sudo certbot certonly --webroot -w /var/www/html
WORKED... I now have a valid certificate thru to April 7th... final questions to you gurus

I have put a diary entry in now so that I do not forget when the cert expires, therefore before the 7th do I just use the command
sudo certbot renew
To get my next validity period? Any way I can extend the period to greater than 3 months validity?


Just put the certbot renew in a root cronjob.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.